Recommended update for crypto-policies

Announcement ID:	SUSE-RU-2026:21105-1
Release Date:	2026-04-13T13:10:36Z
Rating:	moderate
References:	bsc#1252696 bsc#1253025
Affected Products:	SUSE Linux Micro 6.2

An update that has two fixes can now be installed.

Description:

This update for crypto-policies fixes the following issues:

• Fix the testsuite:
  • Port all the policy changes to the config files in the test suite.
  • Use the newly introduced SKIP_LINTING=1 option.
• Adapt the manpages to SUSE/openSUSE:
  • Add crypto policies SUSE manpages
  • Compress all the man pages for update-crypto-policies.8.gz, crypto-policies.7.gz, fips-finish-install.8.gz and fips-mode-setup.8.gz into man-crypto-policies.tar.xz
• Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696)
  • gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert
  • python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
  • FIPS: disable MLKEM768-X25519 for openssh (no-op)
  • FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
  • TEST-PQ: be more careful with the ordering
  • openssl: send one PQ and one classic key_share; prioritize PQ groups
  • sequoia: Generate AEAD policy
  • Do not include EdDSA in FIPS policy
  • sequoia: Add PQC algorithm
  • sequoia: Run tests against PQC capable policy-config-check
  • Revert "openssl, policies: implement group_key_share option"
  • openssl, policies: implement group_key_share option
  • FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
  • python/build-crypto-policies: output diffs on --test mismatches
  • sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
  • policies, alg_lists, openssl: remove KYBER from allowed values
  • openssl: stricter enabling of Ciphersuites
  • openssl: make use of -CBC and -AESGCM keywords
  • openssl: add TLS 1.3 Brainpool identifiers
  • fix warning on using experimental key_exchanges
  • update-crypto-policies: don't output FIPS warning in fips mode
  • openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256
  • openssh, libssh: refactor kx maps to use tuples
  • alg_lists: mark MLKEM768/SNTRUP kex experimental
  • nss: revert enabling mlkem768secp256r1
  • nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
  • gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
  • openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
  • openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
  • openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
  • LEGACY: enable 192-bit ciphers for nss pkcs12/smime
  • openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
  • nss: be stricter with new purposes
  • python/update-crypto-policies: pacify pylint
  • fips-mode-setup: tolerate fips dracut module presence w/o FIPS
  • fips-mode-setup: small Argon2 detection fix
  • SHA1: add __openssl_block_sha1_signatures = 0
  • fips-mode-setup: block if LUKS devices using Argon2 are detected
  • update-crypto-policies: skip warning on --set=FIPS if bootc
  • fips-setup-helper: skip warning, BTW
  • fips-mode-setup: force --no-bootcfg when UKI is detected
  • fips-crypto-policy-overlay: automount FIPS policy
  • nss: rewrite backend for 3.101
  • cryptopolicies: parent scopes for dumping purposes
  • policygenerators: move scoping inside generators
  • openssh: make dss no longer enableble, support is dropped
  • gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
  • TEST-PQ: disable pure Kyber768
  • DEFAULT: switch to rh-allow-sha1-signatures = no...
  • java: drop unused javasystem backend
  • java: stop specifying jdk.tls.namedGroups in javasystem
  • ec_min_size: introduce and use in java, default to 256
  • java: use and include jdk.disabled.namedCurves
  • BSI: Update BSI policy for new 2024 minimum recommendations
  • fips-mode-setup: flashy ticking warning upon use
  • fips-mode-setup: add another scary "unsupported"
  • BSI: switch to 3072 minimum RSA key size
  • java: make hash, mac and sign more orthogonal
  • java: specify jdk.tls.namedGroups system property
  • java: respect more key size restrictions
  • java: disable anon ciphersuites, tying them to NULL...
  • java: start controlling / disable DTLSv1.0
  • nss: wire KYBER768 to XYBER768D00
• Update to version 20250425.9267dee:
  • openssl: fix mistakes in integrity-only cipher definitions
  • NO-PQ, cryptopolicies: add experimental value suppression
  • nss: add mlkem768x25519 and mlkem768secp256r1
  • gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY
  • TEST-PQ, openssh: add support for MLKEM768 key_exchange
  • LEGACY: drop cipher@pkcs12 = SEED-CBC
  • fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes
  • nss: TLS-REQUIRE-EMS in FIPS
  • DEFAULT: disable RSA key exchange
  • LEGACY: disable sign = *-SHA1
  • nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768
• Add the FIPS scripts fips-finish-install and fips-mode-setup as sources in the spec file as they have been removed upstream.
  • We will maintain these scripts downstream.
  • Update the man pages for update-crypto-policies.8.gz
  • Add crypto policies FIPS output
  • Add man pages in text file in compressed form in the file man-fips-scripts.tar.xz and add them to the Makefile.
• Update to version 20250324.3714354:
  • NO-PQ: introduce
  • LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA
  • _openssl_block_sha1_signatures: flip the default to 1
  • sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
  • sequoia: refactor a bit
  • openssl: specify default key size for req
  • gnutls: support P384-MLKEM1024
  • openssl: stop generating openssl in favour of opensslcnf
  • gnutls: drop kyber (switching to leancrypto took it away)
  • openssl: use both names for P384-MLKEM1024
  • Detect the presence of nss-policy-check
  • Don't use hardcoded python3 path
  • Make xsltproc settable as XSLTPROC
  • python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021
  • Update the info in the README.SUSE file
  • Remove the FEDORA policies and directories

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-544=1

Package List:

• SUSE Linux Micro 6.2 (noarch)
  • crypto-policies-scripts-20250714.cd6043a-160000.1.1
  • crypto-policies-20250714.cd6043a-160000.1.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1252696
• https://bugzilla.suse.com/show_bug.cgi?id=1253025